Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8145526

An additive feature to the cacerts file that comes with the Java installation



    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 7
    • Fix Version/s: None
    • Component/s: tools


      The user is using a deployment.config file with a link to a central
      deployment.properties file, which specifies a shared cacerts file location.

      The only disappointment with this method is the need to check for updates to
      the cacerts file with each Java release and going through the process of
      re-injecting the certs into the new cacerts file if it changed.

      It would be nice to have a process where we a user can add the additional
      certs to a centrally managed file that is automatically combined with the
      cacerts file in the program files folder of the latest JRE. The only way to
      accomplish this today would be to manage the user's trusted.cacerts file
      instead of the system cacerts file. The downside to that is managing
      trusted.cacerts takes away the ability to resolve one-off cert issues by
      adding it at the user level on an individual machine. We could also create an
      issue when the user cert file is first overwritten and had previously been
      utilized to fix an undocumented trust issue.

      This puts the user in a situation of which is the lesser evil. Managing via
      the system level and knowing we need to stay on top of JRE releases that
      contain an updated cacerts file or manage the user level and don't allow the
      user or IT to fix one-off issues on an individual basis. It'd be nice to have
      a solution where there are no cons to worry about.

      If there was a way to have a separate file that is additive to the cacerts
      file that comes with the Java installation that would eliminate this work.




            coffeys Sean Coffey
            shadowbug Shadow Bug
            0 Vote for this issue
            1 Start watching this issue